Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop only boots in safe mode and malware programs won't run!


  • This topic is locked This topic is locked
3 replies to this topic

#1 soodic

soodic

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 11 November 2017 - 09:13 PM

Hello I'm pretty desperate about the state of my computer.
Yesterday as I was online, a bunch of those online game ads and pop ups started popping up in my screen and a bunch of random things started downloading automatically.
I ran malware bytes normally and it detected 253 viruses, most of them trojans and im guessing spyware. It quarantined them and I deleted them. After that, I manually restarted the laptop because firefox kept opening like 50 windows at the same time and it wouldn't stop (malware bytes didn't ask me to restart btw) and that is when everything started going wrong.
 
After around 15 minutes, my laptop wouldn't restart and would just keep showing me the "shutting down" screen. I waited another 5 minutes and nothing happened so I had to force shut down. After waiting another 10 minutes I tried to turn the computer back on but it ALWAYS get stuck in the starting screen. I turned it off again and went into safe mode.
In safe mode I tried to run malwarebytes but it wouldn't open the file, it would just show me a message saying there was an error with mbam.exe. I changed the name, the extension and did everything i could to try to run it but nothing worked. I tried to open AVG and windows defender and none of them work, it says both programs ran into an error and can't start.
I then downloaded RKill into a usb drive (i can't use the internet in my infected latopt and safe mode with enabled networking doesn't work) and tried running it but it showed no malware to kill, no errors, nothing wrong (i don't have the logs) and thena message appeared saying I should be able to run malware programs now since nothing was found with RKill. I tried running malware bytes again and it said "This program can't be run in this computer, contact the developer."
I downloaded malware bytes into my usb and tried to install it in the infected laptop but it just gets stalled in the installation screen. I tried to restart the laptop in normal mode and it doesn't boot. It gets stuck in the back screen with the window. Then I booted it in safe mode again and got this message:
 
"LogonUI.exe - Application Error.
The instruction at 0xefdbb189 referenced memory at 0x00000008. The memory could not be written.
Click on OK to terminate the program.
Click on CANCEL to debug the program"


I have basically run out of ideas and I'm very desperate.... someone please help me, I don't know what to do and this laptop isn't mine.....
 
UPDATE: RKill Log attached

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/11/2017 07:11:47 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Yuki Nagato\Desktop\mbar-1.10.3.1001.exe (PID: 352) [UP-HEUR]
* C:\Users\Yuki Nagato\Desktop\mbar-1.10.3.1001.exe (PID: 468) [UP-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

54.230.181.87 fs2-gsp.joycity.com
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
127.0.0.1 gf.tools.avast.com
127.0.0.1 pair.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com
127.0.0.1 ipm-provider.ff.avast.com

20 out of 377 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 11/11/2017 07:14:55 PM
Execution time: 0 hours(s), 3 minute(s), and 8 seconds(s)

Attached Files


Edited by Oh My!, 13 November 2017 - 07:02 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 13 November 2017 - 07:05 PM

Greetings soodic and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. It is a little unclear whether or not you are able to boot into Safe Mode. If you are unable to simply stop and let me know if you have a Windows installation disk.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • From a clean computer download Farbar Recover Scan Tool for 64 bit systems and save it to a USB device
  • Insert your USB device into the compromised computer and boot into Safe Mode
  • Using Windows Explorer locate the FRST64 icon on the USB device
  • Right click on the icon and select Run as administrator
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop. Copies of these files will be placed on your USB device
  • Please copy and paste the contents of each report into your reply, using multiple reply windows if necessary
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log
  • Addition log

Edited by Oh My!, 13 November 2017 - 07:08 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 17 November 2017 - 10:10 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 20 November 2017 - 11:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users